add feature to disable dns zone creation for private endpoints #1739
Comments
@jrudley this driver would create a dns zone and then create dns zone group linked to the private end point? so if dns zone is not created, how does this private end point link to the dns zone? do you want to bring your own dns zone and dns zone group?
With the enterprise scale, azure policy creates the dns records in the hub which has all the private dns zones. So, yes, I would be using my own dns zones.
@jrudley following are the current steps to create a private endpoint and dns zone. The private endpoint should still be created by the driver, then how would it link the DNS zone group to the private endpoint name, since if you bring your own dns zone group, the private endpoint is actually not created at that time?

azure_storageaccount.go:614] Creating private dns zone(privatelink.file.core.windows.net) in resourceGroup (capz-ugkm2a)
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten
Is your feature request related to a problem?/Why is this needed
When using an enterprise scale approach with Azure Policy and Private Endpoints, the dns zones are in the hub network. The file csi driver will try to create the private dns zones if privateendpoint is configured. Azure policy handles dns registration of private endpoints in the hub. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale
Describe the solution you'd like in detail
Have a feature in parameters to disable creating dns private endpoint zones.
Describe alternatives you've considered
To work around this, I must manually create the storage account, specify the name in my storageclass and go that route instead of having the driver do everything for me within aks.
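The workaround described in the issue body above, written out as an added example manifest (not taken from the issue or from the driver project): a StorageClass that points the Azure File CSI driver at a storage account created outside the driver. Because the driver is handed an existing account, it does not provision one and therefore never reaches the code path that creates the private endpoint and the privatelink DNS zone, leaving DNS registration to the hub-side Azure Policy as the author wants. The provisioner name and the `resourceGroup` / `storageAccount` / `skuName` parameter names follow the driver's documented StorageClass parameters; the resource group and account names are placeholders, and whether the SKU must match the pre-created account is an assumption to verify against the driver version in use.

```yaml
# Added example, not from the issue or the driver project.
# Bring-your-own storage account so the driver skips account creation
# and, with it, private endpoint and private DNS zone creation.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefile-byo-account
provisioner: file.csi.azure.com
allowVolumeExpansion: true
parameters:
  # Placeholder: resource group that holds the pre-created storage account.
  resourceGroup: rg-storage-placeholder
  # Placeholder: storage account created by the platform team. Its private
  # endpoint and DNS records are managed by Azure Policy in the hub, not by
  # the driver, so the driver identity needs no DNS zone write rights.
  storageAccount: stbyoplaceholder
  # Assumption: should match the SKU of the pre-created account.
  skuName: Standard_LRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
```

With this class in place, PersistentVolumeClaims that reference it get file shares inside the named account, and the only Azure-side write the driver performs is share creation; the log line quoted earlier in the thread ("Creating private dns zone(privatelink.file.core.windows.net) ...") should no longer appear, which is a useful check that the driver is in fact taking the bring-your-own-account path.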